#!/usr/bin/env python3
"""Python package for finding observables in text."""
import requests
# Raw-file view of the MITRE CTI repository.  ``master`` is a moving target:
# the IDs the fetchers below return can change between runs, so substitute a
# tag or commit hash here when reproducible output matters.
_MITRE_CTI_BASE = 'https://raw.githubusercontent.com/mitre/cti/master'
PRE_ATTACK_URL = _MITRE_CTI_BASE + '/pre-attack/pre-attack.json'
ENTERPRISE_ATTACK_URL = _MITRE_CTI_BASE + '/enterprise-attack/enterprise-attack.json'
MOBILE_ATTACK_URL = _MITRE_CTI_BASE + '/mobile-attack/mobile-attack.json'
def _get_id(data):
    """Return the external ID recorded on a STIX object.

    Reads ``external_id`` from the *first* entry of
    ``data['external_references']``.  The fetchers in this module rely on the
    MITRE CTI bundles listing the ATT&CK reference first — an assumption about
    the dataset, not something enforced here; confirm before reusing this on
    other STIX sources.

    Raises:
        KeyError: ``data`` has no ``external_references`` key, or the first
            reference has no ``external_id``.
        IndexError: ``external_references`` is empty.
    """
    references = data['external_references']
    primary = references[0]
    return primary['external_id']
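def get_pre_attack_data(*, url=PRE_ATTACK_URL, timeout=30):
    """Fetch the PRE-ATT&CK STIX bundle and return its tactic and technique IDs.

    Keyword Args:
        url: Location of the bundle.  Defaults to the unpinned ``master`` copy
            in ``mitre/cti``; pass a tag- or commit-pinned URL when the result
            must be reproducible.
        timeout: Seconds to wait for the connection and for each read.  Without
            a bound a stalled server would block the caller indefinitely.

    Returns:
        ``(tactics, techniques)``: two tuples of external IDs in bundle order,
        taken from every ``x-mitre-tactic`` and ``attack-pattern`` object.  No
        entries are filtered out (revoked or deprecated objects, if the bundle
        contains any, are returned too).

    Raises:
        requests.RequestException: network failure or a non-2xx HTTP status.
        ValueError, KeyError, IndexError: the body is not the expected bundle.
    """
    # TLS certificate verification is left at requests' default (enabled).
    response = requests.get(url, timeout=timeout)
    # A 404/5xx body is HTML, not JSON: fail here with the HTTP status instead
    # of with an opaque decode/KeyError further down.
    response.raise_for_status()
    objects = response.json()['objects']
    tactics = [_get_id(obj) for obj in objects if obj['type'] == 'x-mitre-tactic']
    techniques = [_get_id(obj) for obj in objects if obj['type'] == 'attack-pattern']
    return tuple(tactics), tuple(techniques)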
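def get_enterprise_attack_data(*, url=ENTERPRISE_ATTACK_URL, timeout=30):
    """Fetch the Enterprise ATT&CK STIX bundle and return its ID lists.

    Keyword Args:
        url: Location of the bundle.  Defaults to the unpinned ``master`` copy
            in ``mitre/cti``; pass a tag- or commit-pinned URL when the result
            must be reproducible.
        timeout: Seconds to wait for the connection and for each read.  Without
            a bound a stalled server would block the caller indefinitely.

    Returns:
        ``(tactics, techniques, mitigations)``: three tuples of external IDs in
        bundle order.  Tactics come from ``x-mitre-tactic`` objects, techniques
        from ``attack-pattern`` objects, and mitigations from ``course-of-action``
        objects whose external ID starts with ``M`` (any other course-of-action
        entry is dropped).  No other filtering is applied.

    Raises:
        requests.RequestException: network failure or a non-2xx HTTP status.
        ValueError, KeyError, IndexError: the body is not the expected bundle.
    """
    # TLS certificate verification is left at requests' default (enabled).
    response = requests.get(url, timeout=timeout)
    # A 404/5xx body is HTML, not JSON: fail here with the HTTP status instead
    # of with an opaque decode/KeyError further down.
    response.raise_for_status()
    objects = response.json()['objects']
    tactics = [_get_id(obj) for obj in objects if obj['type'] == 'x-mitre-tactic']
    techniques = [_get_id(obj) for obj in objects if obj['type'] == 'attack-pattern']
    mitigations = [
        _get_id(obj)
        for obj in objects
        if obj['type'] == 'course-of-action' and _get_id(obj).startswith('M')
    ]
    return tuple(tactics), tuple(techniques), tuple(mitigations)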
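def get_mobile_attack_data(*, url=MOBILE_ATTACK_URL, timeout=30):
    """Fetch the Mobile ATT&CK STIX bundle and return its ID lists.

    Keyword Args:
        url: Location of the bundle.  Defaults to the unpinned ``master`` copy
            in ``mitre/cti``; pass a tag- or commit-pinned URL when the result
            must be reproducible.
        timeout: Seconds to wait for the connection and for each read.  Without
            a bound a stalled server would block the caller indefinitely.

    Returns:
        ``(tactics, techniques, mitigations)``: three tuples of external IDs in
        bundle order.  Tactics come from ``x-mitre-tactic`` objects, techniques
        from ``attack-pattern`` objects, and mitigations from ``course-of-action``
        objects whose external ID starts with ``M`` (any other course-of-action
        entry is dropped).  No other filtering is applied.

    Raises:
        requests.RequestException: network failure or a non-2xx HTTP status.
        ValueError, KeyError, IndexError: the body is not the expected bundle.
    """
    # TLS certificate verification is left at requests' default (enabled).
    response = requests.get(url, timeout=timeout)
    # A 404/5xx body is HTML, not JSON: fail here with the HTTP status instead
    # of with an opaque decode/KeyError further down.
    response.raise_for_status()
    objects = response.json()['objects']
    tactics = [_get_id(obj) for obj in objects if obj['type'] == 'x-mitre-tactic']
    techniques = [_get_id(obj) for obj in objects if obj['type'] == 'attack-pattern']
    mitigations = [
        _get_id(obj)
        for obj in objects
        if obj['type'] == 'course-of-action' and _get_id(obj).startswith('M')
    ]
    return tuple(tactics), tuple(techniques), tuple(mitigations)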
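def get_tlds(*, timeout=30):
    """Fetch IANA's root-zone TLD list and return it lower-cased, plus ``onion``.

    The IANA file is one TLD per line behind a ``#`` comment header.  Header
    and blank lines are skipped by content rather than by position, so a longer
    header, CRLF line endings or a missing trailing newline cannot silently
    drop a real TLD or let a comment line through.  ``onion`` is appended
    explicitly; it is not in the IANA root zone (presumably wanted so Tor
    hidden-service names are recognised as observables).

    Keyword Args:
        timeout: Seconds to wait for the connection and for each read.  Without
            a bound a stalled server would block the caller indefinitely.

    Returns:
        tuple[str, ...]: lower-cased TLDs in IANA order, with ``'onion'`` last.

    Raises:
        requests.RequestException: network failure or a non-2xx HTTP status.
    """
    # TLS certificate verification is left at requests' default (enabled).
    response = requests.get('https://data.iana.org/TLD/tlds-alpha-by-domain.txt',
                            timeout=timeout)
    # Fail on an error page rather than parsing its HTML as TLDs.
    response.raise_for_status()
    tlds = [
        line.strip().lower()
        for line in response.text.splitlines()
        if line.strip() and not line.startswith('#')
    ]
    tlds.append('onion')
    return tuple(tlds)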
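if __name__ == '__main__':
    # Demo fetches run only when this file is executed as a script.  At module
    # level they fired on every import of the package: three network
    # round-trips plus output on stdout as a side effect of ``import``.
    print(get_pre_attack_data())
    print(get_enterprise_attack_data())
    print(get_mobile_attack_data())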